Hi,
I just successfully set up SSL VPN with split tunneling for 10 users. Suddenly, one of the remote access users need not be split tunneled, because he/she basically doesn't need to be, since he/she won't be using the internet for browsing, mainly just for work.
Is it possible to isolate this specific user? BTW, I'm using a Fortigate 61E.
Thanks
You need to use either an LDAP auth server or realms to separate user groups and bind different portals: one split, the other no-split. Then set different policies. Below is one of the cookbook pages for realm config.
http://cookbook.fortinet.com/multi-realm-ssl-vpn/
I agree, you need multiple portals. This will allow you to set split-tunnel and tunnel-all on each portal.
Ken
PCNSE
NSE
StrongSwan
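
The two-portal layout suggested in the replies above, as an added FortiOS CLI example that is not part of the original thread or of the cookbook page. The portal names, the group names, the `internal-net` address object and the realm name are assumptions; `#` lines are annotations.

```fortios
# Portal for the users who keep split tunneling: only the internal
# subnet (assumed address object "internal-net") goes through the tunnel.
config vpn ssl web portal
    edit "split-portal"
        set tunnel-mode enable
        set web-mode enable
        set ip-pools "SSLVPN_TUNNEL_ADDR1"
        set split-tunneling enable
        set split-tunneling-routing-address "internal-net"
    next
    # Portal for the one user whose traffic must all pass through the FortiGate.
    edit "full-tunnel-portal"
        set tunnel-mode enable
        set web-mode disable
        set ip-pools "SSLVPN_TUNNEL_ADDR1"
        set split-tunneling disable
    next
end

# Bind each user group to its portal. With realms, the same rule also
# carries the realm the user logs in through.
config vpn ssl settings
    config authentication-rule
        edit 1
            set groups "vpn-split-users"
            set portal "split-portal"
        next
        edit 2
            set groups "vpn-full-tunnel-users"
            set portal "full-tunnel-portal"
            # set realm "fulltunnel"
        next
    end
end
```

Each group still needs its own firewall policies from the SSL VPN interface, as the first reply notes.
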
I've already set 2 portals:
First portal is: Full-access (tunnel and web). This portal was also set to split tunnel so they can access their internal network and the internet separately.
Second portal is: Tunnel only (no split tunnel).
But whenever I use the non-split tunnel portal, it is not recognized by one of the web servers, which only recognizes the Fortigate's IP.
Thanks
Jeff